As more and more transactions go digital, the idea of not having to share your personal information is increasingly compelling. It’s taken for granted in the offline world: There, you can give a merchant cash in exchange for a good—no other strings attached. Online, though, you make a purchase for some good, and in addition to the cash, you give certain information.
Bo Jiang, founder and CEO of Privacy.com, set out to change that dynamic when he founded the company in 2014. His earlier forays in fintech surrounded making rental payments easier and alternative—and anonymous—currencies like Bitcoin and Dogecoin. He liked the idea of bringing mass adoption of anonymous transactions online, which helps prevent fraudulent transactions and ensures privacy. Privacy lets a user create a prepaid “burner” debit card for online purchases that draws on the user’s bank account but doesn’t transmit any personal information to the merchant.
Plaid’s Chelsea Allison caught up with Jiang to chat about privacy in payments and the challenges and opportunities in bringing new financial technologies to market. Their conversation has been edited for clarity and brevity.
CA: What was the genesis of the idea for Privacy?
BJ: The idea actually came from my co-founder, Andy Roth, who was the Chief Privacy Officer of American Express. At the time, he was doing some work in the Bitcoin world. There are a lot of interesting things about Bitcoin: the fact that it’s an inherently more secure, push-based way of transacting, and the fact that it’s pseudonymous.
But the thing that’s preventing widespread adoption of Bitcoin, in my mind, is that there is no universal acceptance and no consumer mediation or protections. If you lose five Bitcoins, you’re just out five Bitcoins—tough luck.
Privacy combines the best of both worlds: the benefits of security and privacy with the ease-of-use of traditional payment rails.
It’s also a net good for the ecosystem, because we’re helping prevent a lot of fraud that would happen otherwise.
CA: So you took inspiration from the world of Bitcoin and the offline precedent in prepaid cards, but how did you marry these ideas?
BJ: One thing that seems to draw a lot of people to Bitcoin is that you can destroy the establishment—there’s very much this anarchist or libertarian vibe to it. But for us, it’s always been about providing the best experience to the end user. Once we acknowledged that, working with a major card network and bank was the clear path forward. The question then became whether we take the route of credit, or take the route of debit and prepaid.
CA: What were the tradeoffs?
BJ: We thought pretty hard about this. One major constraint of credit would be that we would have to screen our users super aggressively. That would basically mean we were only going to serve high-income people with great credit scores. But when you’re offering a security product, the people that you can really help aren’t your Amex platinum users. For us, there’s definitely a social mission in helping the under-banked or people who don’t have great credit scores. Going the debit route really allows us to do that. And the nice thing about the Plaid Balance API endpoint is that we can manage the risk on these folks to make sure that they have the necessary funds.
CA: How did you choose your bank and processor?
BJ: We probably talked to 50 banks. We cast a wide net and talked to a bunch of people. We wanted a partner that wasn’t just purely transactional. Ultimately, we’re glad we found a partner that got what we were doing and believed in it.
On the processing side of things, we’re integrated into the authorization stream. So, basically, when the message comes from Visa to the processor, the processor passes it on to us, and we have the ability to accept or reject the transaction. Some other companies are doing that now, but it’s fairly rare. And our processor was able to accommodate that.
CA: How does generating the pseudonymous, prepaid cards randomly for each user actually work?
BJ: You sign up with our service, and then you connect your bank account using Plaid. You pick the funding source if you have several, and then you install our browser extension.
From this point on, whenever you’re on a checkout page, Privacy automatically detects the credit card field and overlays a little Privacy button next to it. The user can set parameters on it, click create, and it just auto-fills a card number.
That card number is a Visa card number, so you just click checkout like you normally would from there.
CA: And in the cases where the user can associate a card with a specific merchant—less of a burner experience—how does that differ?
BJ: Burner cards get the most attention, but actually the large majority of our cards are single-merchant cards. Essentially, someone trusts the merchant but doesn’t want a single point of failure—say if their credit card at Sketchy Merchant XYZ gets breached, they’d have to change it out.
So we lock the card to that particular merchant. We have a huge merchant data set and partner IDs and all that, and basically do fuzzy matching. And that’s sort of a tricky problem in itself.
CA: Tell me about the user education involved in decoupling a user’s real name and address from the card itself. The user can really just use fake info there.
BJ: Well, it trips flags with merchants. If you’re buying a physical product and your IP is from New York, and the shipping address is in San Francisco, and the billing address is in Montana, that’s probably going to bring up some flags.
We try to tell people to keep it sane: Use a pseudonym if you want, but don’t just go totally to town. Because even if we approve the transaction, because we control the AVS, there are other players involved. Merchants can still decline.
CA: I know the basics of Privacy are free for consumers, and you make money off the interchange. How important was it to you that it be free?
BJ: The interchange allows our core product to always be free to consumers. There’s a bunch of interesting stuff we can do around premium features, but we’ve pretty strongly held onto the belief that the core product should always be free and accessible to everyone.
CA: What has been the biggest challenge, or the most surprising thing that you’ve discovered, as you continue to build Privacy and look toward the future?
BJ: The interesting thing about building a fintech company is that it requires executing well in all directions. There’s an expectation that you have to have a really good user experience. And even if you get that right, if you can’t get the payments piece of it, or get the right partners, it’s all sort of worthless.
I think the hardest piece for us was adjusting to the existing infrastructure and existing players. That’s something that you can underestimate coming from the tech world. You might be like, well it takes me an hour to deploy a change, so why can’t everyone else do that, right? And it requires a degree of empathy and understanding—a respect for the status quo. I think a lot of startups forget that.